CVE-2021-33481

7.8 HIGH

📋 TL;DR

CVE-2021-33481 is a stack-based buffer overflow in gocr, an open-source optical character recognition (OCR) program, located in the try_to_divide_boxes() function of pgm2asc.c. A crafted image file processed by a vulnerable gocr build triggers the overflow; the confirmed result is a crash (denial of service), and because the corrupted buffer lives on the stack, arbitrary code execution with the privileges of the gocr process cannot be ruled out. It affects anyone running gocr through 0.53-20200802 on images from untrusted sources.

💻 Affected Systems

Products:
  • gocr
Versions: All versions through 0.53-20200802
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Triggered while gocr performs OCR on a crafted input image. Despite the file name pgm2asc.c, the affected function works on gocr's internal grey-map representation, into which every accepted input format (PBM/PGM/PPM, PCX, TGA, or anything converted through the netpbm pipeline) is decoded, so restricting by file extension is not a meaningful control.

📦 What is this software?

gocr (also known as JOCR) is a small GPL-licensed OCR engine that reads bitmap images (the PNM family, PCX, TGA) and writes the recognised text to standard output. It is normally driven from the command line or by scripts and GUI front-ends, which is why the realistic attack path is an automated pipeline that feeds it images it did not produce itself.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the user or service account running gocr. The exposure is largest in document-processing pipelines, mail gateways or web back ends that run gocr automatically on images they receive: no user interaction is needed there, and a compromised service account often holds more access than OCR requires.

🟠

Likely Case

Denial of service: gocr crashes on the crafted image, aborting that OCR job and, in batch or queue-driven setups, potentially stalling the whole workflow.

🟢

If Mitigated

Limited impact if gocr runs in sandboxed environments with minimal privileges and processes only trusted files.

🌐 Internet-Facing: LOW - gocr is a command-line tool, not a network service. It becomes reachable from the internet only indirectly, through applications that run it on user-supplied uploads; in that case the exposure of the calling application applies.
🏢 Internal Only: MEDIUM - any user or automated job that can hand gocr an image can trigger the bug; exploitation needs either user interaction or an unattended pipeline that processes untrusted files.

🎯 Exploit Status

Public PoC: ⚠️ Yes (a crafted image that reproduces the crash is attached to the public bug report)
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires getting a crafted image file processed by a vulnerable gocr. The public proof of concept is a crash-reproducing input file from the bug report, not a working code-execution exploit; turning the stack overflow into code execution would additionally have to defeat the stack protections of the target build (stack canaries, ASLR, NX).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 0.53-20200802

Vendor Advisory: https://security.gentoo.org/glsa/202401-28 (Gentoo GLSA 202401-28, a distribution advisory)

Restart Required: No for the command-line tool; any long-running service that keeps a gocr process or its library loaded must be restarted to pick up the new binary.

Instructions:

1. Update gocr with your distribution's package manager to a build that contains the fix: an upstream version newer than 0.53-20200802, or a distribution package whose changelog lists CVE-2021-33481 as fixed.
2. Gentoo: emerge --sync && emerge -av gocr (the GLSA states the minimum fixed package version).
3. Other distributions: install the updated package from the official repositories; if none exists, treat the install as unpatched and apply the workarounds below.

🔧 Temporary Workarounds

Restrict PGM file processing

linux

Run gocr only on images from sources you control. Where untrusted input is unavoidable, validate each file before it reaches gocr (well-formed PNM header, plausible dimensions, a size cap) and reject anything that fails. File permissions such as chmod 600 do not mitigate this bug: they limit who can read a file, not what gocr does when it parses one.

Run gocr with reduced privileges

linux

Execute gocr as an unprivileged user, with resource limits and without network access, so that a crash or code execution stays contained.

# Run as an unprivileged user (the input file must be readable by that user)
sudo -u nobody timeout 60 gocr input.pgm
# Or in a container with no network and a read-only bind mount of the input;
# "gocr" here stands for a container image you have built that contains gocr
podman run --rm --network none --user 1000:1000 -v "$(pwd)":/data:ro gocr /data/input.pgm
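The two workarounds above combined into one wrapper script: a header sanity check in front of gocr, then execution as an unprivileged user with an address-space cap, no core dumps and a timeout. This is an added example written for this page, not code from the gocr project or the referenced advisory. It assumes a POSIX shell, coreutils head and timeout, sudo, and that the RUN_AS user (default nobody) can read the input file; the MAX_DIM and MAX_BYTES limits are illustrative values chosen here, not figures from the advisory.

```shell
#!/bin/sh
# safe_gocr.sh - validate a PNM header, then run gocr with reduced privileges.
# Added example for this page; not part of gocr or of the advisory.
# Assumptions: POSIX sh, coreutils head/timeout, sudo, and an unprivileged
# user ($RUN_AS) that can read the input file. The limits are illustrative.

MAX_DIM=${MAX_DIM:-10000}         # hypothetical cap on width and height
MAX_BYTES=${MAX_BYTES:-52428800}  # hypothetical 50 MiB cap on file size
RUN_AS=${RUN_AS:-nobody}

# pnm_header_ok FILE: return 0 if FILE starts with a well-formed PBM/PGM/PPM
# header whose dimensions are within bounds, 1 otherwise. Only the header is
# parsed; the pixel data is never interpreted, so this is a sanity filter in
# front of gocr, not a proof that gocr will handle the file safely.
pnm_header_ok() {
  f=$1
  [ -f "$f" ] || return 1
  size=$(wc -c < "$f" | tr -d ' ')
  [ "$size" -le "$MAX_BYTES" ] || return 1
  # First 64 bytes, reduced to the characters a PNM header may contain
  # (magic letter P, digits, whitespace, '#'), comments removed, flattened.
  hdr=$(LC_ALL=C head -c 64 "$f" | LC_ALL=C tr -c 'P0-9 \n#' ' ' \
        | sed 's/#.*$//' | tr '\n' ' ')
  set -f                          # no globbing while splitting into words
  set -- $hdr
  set +f
  case "$1" in
    P1|P4)       need=3 ;;        # bitmap: magic width height
    P2|P3|P5|P6) need=4 ;;        # greymap/pixmap: magic width height maxval
    *)           return 1 ;;
  esac
  [ $# -ge "$need" ] || return 1
  for n in "$2" "$3"; do          # width and height: 1..MAX_DIM
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -ge 1 ] && [ "$n" -le "$MAX_DIM" ] || return 1
  done
  if [ "$need" -eq 4 ]; then      # maxval: 1..65535 per the PNM format
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || return 1
  fi
  return 0
}

# safe_gocr FILE [gocr options]: reject FILE unless its header passes, then run
# gocr as $RUN_AS with a 512 MiB address-space cap, no core dumps and a 60 s
# timeout, so a crash or a hang on malformed input stays contained.
safe_gocr() {
  f=$1; shift
  if ! pnm_header_ok "$f"; then
    echo "safe_gocr: rejecting $f (bad or oversized PNM header)" >&2
    return 2
  fi
  sudo -u "$RUN_AS" sh -c 'ulimit -v 524288; ulimit -c 0; exec timeout 60 gocr "$@"' sh "$@" "$f"
}

# demo_pnm_check: constructed sample inputs (a valid 4x2 PGM and a file that
# claims a 100000-pixel-wide image) showing the filter accept and reject.
demo_pnm_check() {
  d=/tmp/pnmcheck_$$
  printf 'P5\n# constructed sample\n4 2\n255\n' > "$d.good"
  head -c 8 /dev/zero >> "$d.good"
  printf 'P5\n100000 2\n255\n' > "$d.bad"
  pnm_header_ok "$d.good" && ! pnm_header_ok "$d.bad"
  rc=$?
  rm -f "$d.good" "$d.bad"
  return $rc
}

# Stand-alone use: ./safe_gocr.sh input.pgm [gocr options]
case "${0##*/}" in safe_gocr.sh) safe_gocr "$@" ;; esac
```

The header check deliberately stops at the magic, dimensions and maxval: parsing the pixel data in a shell wrapper would re-create the attack surface it is meant to shield. The privilege reduction is what actually limits the blast radius; the header check only removes the obvious garbage and oversized inputs before gocr sees them.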

🧯 If You Can't Patch

  • Implement strict input validation - only allow gocr to process PGM files from trusted sources
  • Run gocr in a sandboxed environment with minimal privileges and no network access

🔍 How to Verify

Check if Vulnerable:

Run gocr --version 2>&1 | head -1. Any build reporting 0.53 (including 0.53-20200802) or earlier is affected unless your distribution backported the fix, which the upstream version string does not reveal; confirm with the package changelog (for example rpm -q --changelog gocr | grep -i CVE-2021-33481, or apt changelog gocr).

Check Version:

gocr --version 2>&1 | head -1

Verify Fix Applied:

After updating, confirm that the installed package version is at or above the version your distribution's advisory names as fixed (rpm -q gocr, dpkg -s gocr, or your package manager's equivalent query) and that its changelog references CVE-2021-33481. A bare version-string test such as gocr --version 2>&1 | grep -q '0.5[4-9]\|0.[6-9]' && echo 'Patched' is not reliable on its own, because a backported fix keeps the 0.53 version string.

📡 Detection & Monitoring

Log Indicators:

  • Kernel log entries of the form gocr[PID]: segfault at ADDR ip ADDR sp ADDR error N in gocr[...] (visible in dmesg or journalctl -k)
  • systemd-coredump entries such as Process PID (gocr) of user UID dumped core., and repeated abnormal exits of OCR processing jobs

Network Indicators:

  • N/A - local file processing vulnerability

SIEM Query:

process.name:"gocr" AND (event.action:"segmentation_fault" OR event.outcome:"failure")

The field names above are illustrative (ECS-style); adapt them to your SIEM's schema. On hosts that forward kernel logs, the equivalent raw-message search is message:"gocr[" AND message:"segfault at".
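The log indicators above turned into a small filter that can be pointed at dmesg, journalctl -k or a syslog file. This is an added example written for this page, not tooling from the gocr project or the advisory. It matches the real kernel segfault message format and the real systemd-coredump message format; the sample log lines embedded in sample_log are constructed for the demonstration, not captured from a real host.

```shell
#!/bin/sh
# gocr_crash_indicators.sh - pull gocr crash evidence out of host logs.
# Added example for this page; not part of gocr or of the advisory.
# It matches two log shapes that Linux hosts emit:
#   kernel:           gocr[PID]: segfault at ADDR ip ADDR sp ADDR error N in OBJ[...]
#   systemd-coredump: Process PID (gocr) of user UID dumped core.

# gocr_crash_lines: read log text on stdin, print one normalised line per hit.
#   segfault pid=<PID> error=<N>   (N is the kernel page-fault error code)
#   coredump pid=<PID>
# Segfaults of other processes and unrelated lines are ignored.
gocr_crash_lines() {
  LC_ALL=C awk '
    /gocr\[[0-9]+\]: segfault at/ {
      match($0, /gocr\[[0-9]+\]/); pid = substr($0, RSTART + 5, RLENGTH - 6)
      err = "?"
      if (match($0, /error [0-9]+/)) err = substr($0, RSTART + 6, RLENGTH - 6)
      print "segfault pid=" pid " error=" err
      next
    }
    /Process [0-9]+ \(gocr\) of user [0-9]+ dumped core/ {
      match($0, /Process [0-9]+/); pid = substr($0, RSTART + 8, RLENGTH - 8)
      print "coredump pid=" pid
      next
    }'
}

# gocr_crash_count: number of indicator lines in the log text on stdin.
gocr_crash_count() {
  gocr_crash_lines | wc -l | tr -d ' '
}

# sample_log: constructed log lines (not from a real host) covering a gocr
# segfault, its core dump, an unrelated segfault and ordinary noise.
sample_log() {
  cat <<'EOF'
Jun  1 10:00:01 host kernel: [12345.678901] gocr[4242]: segfault at 0 ip 000055e3c4a1b2c3 sp 00007ffd12345678 error 4 in gocr[55e3c4a00000+2b000]
Jun  1 10:00:02 host systemd-coredump[4250]: Process 4242 (gocr) of user 1000 dumped core.
Jun  1 10:00:03 host kernel: [12346.000000] convert[5000]: segfault at 0 ip 0000560000000000 sp 00007ffd00000000 error 6 in convert[560000000000+1000]
Jun  1 10:00:04 host CRON[1]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Stand-alone use:  ./gocr_crash_indicators.sh              (runs on the sample)
#                   journalctl -k | ./gocr_crash_indicators.sh -   (live logs)
case "${0##*/}" in
  gocr_crash_indicators.sh)
    if [ "${1-}" = "-" ]; then gocr_crash_lines; else sample_log | gocr_crash_lines; fi ;;
esac
```

A single gocr segfault is weak evidence on its own, since ordinary malformed scans can crash older builds too; what should raise priority is a segfault whose input came from an untrusted channel, or a run of them against a service that processes uploads, which is why the output keeps the PID so it can be joined against the job or upload that fed that process.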

🔗 References

  • Gentoo GLSA 202401-28: https://security.gentoo.org/glsa/202401-28